From fe13bd52acb67de56fb5e1866d0ec64fff10ed94 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier <babolivier@matrix.org>
Date: Wed, 5 Jun 2019 16:35:05 +0100
Subject: Don't check whether the user's account is expired on /send_mail
 requests

---
 synapse/api/auth.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'synapse/api/auth.py')

diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 0c6c93a87b..e24d942553 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -184,7 +184,13 @@ class Auth(object):
         return event_auth.get_public_keys(invite_event)
 
     @defer.inlineCallbacks
-    def get_user_by_req(self, request, allow_guest=False, rights="access"):
+    def get_user_by_req(
+        self,
+        request,
+        allow_guest=False,
+        rights="access",
+        allow_expired=False,
+    ):
         """ Get a registered user's ID.
 
         Args:
@@ -229,7 +235,7 @@ class Auth(object):
             is_guest = user_info["is_guest"]
 
             # Deny the request if the user account has expired.
-            if self._account_validity.enabled:
+            if self._account_validity.enabled and not allow_expired:
                 user_id = user.to_string()
                 expiration_ts = yield self.store.get_expiration_ts_for_user(user_id)
                 if expiration_ts is not None and self.clock.time_msec() >= expiration_ts:
-- 
cgit 1.5.1


From 4914a8882939337cc04d7e3e3162a9401489a437 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier <babolivier@matrix.org>
Date: Mon, 10 Jun 2019 11:34:45 +0100
Subject: Doc

---
 synapse/api/auth.py | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'synapse/api/auth.py')

diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index e24d942553..a04be32890 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -195,6 +195,11 @@ class Auth(object):
 
         Args:
             request - An HTTP request with an access_token query parameter.
+            allow_expired - Whether to allow the request through even if the account is
+                expired. If true, Synapse will still require the access token to be
+                provided but won't check if the account it belongs to has expired. This
+                works thanks to /login delivering access tokens regardless of accounts'
+                expiration.
         Returns:
             defer.Deferred: resolves to a ``synapse.types.Requester`` object
         Raises:
-- 
cgit 1.5.1


From 028f674cd323cc12f2e03e5c734c77bb4095f457 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier <babolivier@matrix.org>
Date: Mon, 10 Jun 2019 11:35:54 +0100
Subject: Better wording

---
 synapse/api/auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'synapse/api/auth.py')

diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index a04be32890..79e2808dc5 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -196,7 +196,7 @@ class Auth(object):
         Args:
             request - An HTTP request with an access_token query parameter.
             allow_expired - Whether to allow the request through even if the account is
-                expired. If true, Synapse will still require the access token to be
+                expired. If true, Synapse will still require an access token to be
                 provided but won't check if the account it belongs to has expired. This
                 works thanks to /login delivering access tokens regardless of accounts'
                 expiration.
-- 
cgit 1.5.1